I urgently need to ask the experts on login, session, cookie and
authentication handling for a general peer review of a very short piece of code.
The code works well, but I would like to have some comments from you experts.
http://bugzilla.wikimedia.org/show_bug.cgi?id=1360 (incl. a flowchart)
The following is a snippet from
http://bugzilla.wikimedia.org/attachment.cgi?id=400&action=view
If loadfromsession() does not find credentials to log in via the
session, it returns by calling Auth::initUser().
Auth::initUser() basically does:
    ....
    (compose a new user account entry based on authentication data)
    .....
    $user->saveSettings();
    $user->spreadBlock();
    if( !isset( $_COOKIE[ini_get('session.name')] ) )
        $user->SetupSession();
    $user->setCookies();
    return $user;
My question:
=========
Is the sequence of steps, especially the position of the SetupSession()
call, correct?